[***] Summary: [***]

12 new OPEN, 24 new PRO (12 + 12). EyesOfNetwork SQLi, PinkBot CnC,
Go/PSW.Agent_AGen.A Data Exfil, and various CoinMiners.

Thanks @360NetLab

Please share issues, feedback, and requests at
https://feedback.emergingthreats.net/feedback

[+++] Added rules: [+++]

Open:

2034308 - ET EXPLOIT DotNetNuke 9.2-9.2.2 Cookie Deserialization Exploit
(CVE-2018-15811) (exploit.rules)
2034309 - ET EXPLOIT EyesOfNetwork Cookie SQLi (CVE-2020-9465)
(exploit.rules)
2034310 - ET EXPLOIT EyesOfNetwork Generate API Key SQLi (CVE-2020-8656)
(exploit.rules)
2034311 - ET EXPLOIT EyesOfNetwork Autodiscover Command Injection
(CVE-2020-8654) (exploit.rules)
2034312 - ET EXPLOIT IBM Data Risk Manager Arbitrary File Download
(CVE-2020-4430) (exploit.rules)
2034313 - ET TROJAN Win32/Sabsik.FL.B!ml Checkin (trojan.rules)
2034314 - ET MALWARE Lantern Checkin (malware.rules)
2034315 - ET TROJAN Go/PSW.Agent_AGen.A Data Exfil (trojan.rules)
2034316 - ET POLICY Observed DNS Query to File Transfer Service Domain
(transfer .sh) (policy.rules)
2034317 - ET TROJAN PinkBot CnC Domain in DNS Lookup (cnc .pinklander
.com) (trojan.rules)
2034318 - ET CURRENT_EVENTS Generic Credential Phish Activity GET
(current_events.rules)
2034319 - ET CURRENT_EVENTS Generic Credential Phish Activity POST
(current_events.rules)

Pro:

2850293 - ETPRO TROJAN MSIL/Kryptik.ACNA Variant SMTP Exfil Activity M1
(trojan.rules)
2850324 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-29 1) (trojan.rules)
2850325 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-29 2) (trojan.rules)
2850326 - ETPRO TROJAN CoinMiner Known Malicious Stratum Authline
(2021-10-29 3) (trojan.rules)
2850327 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(chrome_bookmark.json) (info.rules)
2850328 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(chrome_cookie.json) (info.rules)
2850329 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(chrome_download.json) (info.rules)
2850330 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(chrome_history.json) (info.rules)
2850331 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(chrome_credit.json) (info.rules)
2850332 - ETPRO INFO Suspicious Zipped Filename in Outbound POST Request
(chrome_password.json) (info.rules)
2850333 - ETPRO TROJAN Powershell.WC Octopus Backdoor Activity (View)
(trojan.rules)
2850334 - ETPRO TROJAN Cobalt Strike Unknown/Custom C2 Profile
(malware.rules)

[///] Modified active rules: [///]

2801296 - ETPRO TROJAN Virut Trojan UA Detected (trojan.rules)
2847710 - ETPRO CURRENT_EVENTS Successful Instagram Phish 2021-03-19
(current_events.rules)

[---] Disabled and modified rules: [---]

2015743 - ET INFO Revoked Adobe Code Signing Certificate Seen (info.rules)

[---] Removed rules: [---]

2850017 - ETPRO TROJAN Powershell.WC Octopus Backdoor Activity (View)
(trojan.rules)
2850293 - ETPRO MALWARE MSIL/Kryptik.ACNA Variant SMTP Exfil Activity M1
(malware.rules)
